Dropbox vs. Box vs. HubiC

Edit: Brain Fart — I seem to have omitted about a paragraph of pertinent information.

I’ll assume you all know what Dropbox is. If you don’t, go get Dropbox now. It’s free and it’s awesome.

The only downside of Dropbox is that if you want more than the 2GB of storage you get for free, it gets more expensive, and the upper limit on how much you can store is (for practical purposes) quite low. Personally, I haven’t found either of these an issue — but thanks to my link on opensourcemac.com, I have a pretty huge “free” account. But it would be awesome to have something like Dropbox that was so big I could just stop managing what I keep on it altogether (of course, this is the problem with stuff that’s free — you waste it).

Box.com has been around about as long as Dropbox (heck, it has an even better domain name, right?) but has been targeted at the enterprise.

hubiC.com (their capitalization) I just found out about via Hacker News. It offers more free storage than Dropbox, but not quite as much as Box, and vastly cheaper paid plans, including about $140/year for 10TB. (I’m not sure how you can actually get 10TB into it, short of using a ZFS or Drobo style multi-disk volume.)

2GB vs 50GB vs 25GB

This is how much storage you get for free.

$100/year for 100GB vs. $10/month for 100GB vs. $13.60/year for 100GB (or $136/month for 10TB)

Edit: I’ve corrected the costs for HubiC.

This is how much it costs for more storage. Box gives you — by far — the most free storage but gets more expensive than Dropbox (while offering various enterprisey features). HubiC is insanely cheaper than both of them. By way of comparison, iCloud costs $20/year for 20GB, so in terms of dollars per unit storage, only HubiC is a better deal. In terms of useful features out of the box, Dropbox support is built into far more programs while iCloud offers useful functionality (notably over-the-air backups of devices and integration with Apple products) to Mac and iOS users that no other platform can (currently) match.

For Android users, the iCloud equivalent is Google Drive, which gives you 15GB free, and costs $60/year for 100GB, making it a bit cheaper (and less useful) than Dropbox.

Mac OS X Integration

All three programs appear as folders in your home directory by default, and stick shortcuts to themselves in Finder’s sidebar. Having installed HubiC and then Box after installing Dropbox, Box was very flaky when first installed. Its installer provided no feedback, and the first few times I tried to launch the application nothing seemed to happen, followed by weird broken delayed launches. Once I’d patiently killed a bunch of Box.app instances and started over it worked well.

Box and Dropbox have similar levels of Finder integration — they indicate the state of files and provide context menu items for sharing links. HubiC appears not to do anything like this, unfortunately.

All three applications provide status menus — those icons that appear in the menubar to the left of the Spotlight magnifying glass. I should note that HubiC’s icon looks like a shapeless blue blob — a blue cloud? — which is an anti-feature. The status menus of all three seem to be perfectly fine and offer decent functionality. Oddly enough, Box and Dropbox no longer keep you apprised of your usage level whereas HubiC does.

Box has one glaring defect — it won’t sync Mac OS X “bundles” (i.e. directories masquerading as files). I have no idea why — they’re just directories. It tells you to zip them up first (gee, how about doing it yourself?)

All three services offer support for all the usual platforms — although I can’t comment on how good any of them are (except the Dropbox client for iOS is decent, and all three work decently in a web browser, although HubiC’s in-browser account management is awful). I cannot yet comment on the security of Box or HubiC. Dropbox offers, and I use, two-factor authentication, and I’m pretty sure HubiC does not (but its website is pretty hard to navigate so maybe it’s there somewhere).

Conclusion

If you just want some free storage and don’t mind not being able to sync bundles then Box is a better deal than Dropbox and it’s probably quite robust given the money behind it. If you’re already using Dropbox and don’t need more storage, Box does not work as well so unless you want its enterprisey features (and you know who you are) you might as well stick with Dropbox. I can’t really comment on HubiC until I’ve exercised it by, saying syncing a buttload of RAW files to it (if I’m going to get more cloud storage, I want enough of it to not need more than one service). If you’re interested, HubiC is a damn good deal for free and it works side-by-side with the others. If it turns out to deliver the goods, I may well end up buying a 10TB plan and switching to it from Crashplan.

Dropbox: Deduplication with Privacy

There’s been a bit of a scare regarding Dropbox related to the possible use of deduplication to determine who has copies of “illegal” files and then the use of warrants to identify infringing Dropbox users and basically hose them.

The problem

When you store a file on Dropbox it will be hashed (more-or-less uniquely identified by scanning its content) and then the hash and the file’s size will be used to determine if the file already exists on Dropbox’s server (i.e. if your ripped copy of Avatar matches someone else’s it will have the same hash value and the exact same file size). If so, rather than uploading the file your account will simply get a new file entry pointing at the existing file. “Upload” is instant, Dropbox saves money on storage, everybody wins.

But, suppose James Cameron uploads a ripped copy of Avatar to Dropbox and notices that this 3GB MP4 file uploaded instantly. He now knows someone else has such a file on Dropbox which is reasonable cause to suspect that piracy is happening and, in theory, he can require Dropbox to tell him everyone who has a copy of that file in their account.

Hence the scare.

The obvious solution to this problem is to not knowingly store illegally duplicated files in your Dropbox account or to encrypt them using your own unique key if you do.

But it’s quite possible that any of us might accidentally put an illegal file — or perhaps a file normal people consider “fair use” but the MPAA (say) might not consider legal — in your Dropbox account. E.g. I might rip Avatar using Handbrake so I can watch it on my iPhone, and this might create an identical file to your handbraked copy of Avatar, and according to the MPAA we might both be horrible criminals who deserve the gas chamber and given that Congress only cares about people who provide large campaign donations…

A possible solution

I’ve proposed this solution on both HackerNews and DropBox’s forums. It’s not perfect — maybe someone can refine it.

I imagine Dropbox has a list of files with unique ids, sizes, and hash values, and every user has a list of files with their own personal path (where they think it is and what they think it’s called) along with the unique id of the actual underlying file. This is the heart of the problem.

Instead of storing the unique id of the underlying file in the user’s file table, Dropbox needs to store a number offset by a hash value generated client-size from the user’s password and the user’s name for the file (i.e. something that will be different for each user and each file and not replicable with data stored in Dropbox’s own database).

Note that if the user’s password is changed then every file id will need to be changed accordingly, which is definitely a downside. (And if you forget your password then your files cannot be recovered.)

Also note that presumably someone like the MPAA could simply obtain a warrant and wait for people to access an “illegal” file, but this is surely going to be a much slower and more difficult process than simply doing a query on the entire database and sending out threatening letters to everyone in the result list.

Thing is, this isn’t technically complex  to implement and could be a user preference. Would you prefer privacy with the risk of losing all your files if your password is lost? Given that you will probably have multiple backups of all your Dropbox files, it’s actually not a big problem. (In fact, if you consider the case where you are forced to reset your Dropbox password and thus Dropbox forgets you own all your files — re-uploading them from one of your computers will be instantaneous for all the files you previously had uploaded owing to deduplication.)

Edit: another problem with my proposed solution is that you can lose track of files (e.g. you can’t maintain an accurate reference count). This is probably not as big an issue as it might seem since Dropbox already retains files for a month after a non-paying user deletes them and forever for paying users. Presumably it retains copies of files left by users who stop using the service.

Final Note: I have no affiliation with Dropbox (although I do use the product) and have no stake in it. If you’d like to try Dropbox and give me more space to store potentially illegal files, please use this link.